author | Patrick Uiterwijk <puiterwijk@redhat.com> | 2017-04-10 22:06:44 +0200 |
---|---|---|
committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2017-04-10 22:06:52 +0200 |
commit | 3a8e11cf7eb62625f72c5898f2bd6b43c8a270e1 (patch) | |
tree | 3e572ce0094d6d5d713a22dc2fc3f9aa3576bb08 | |
parent | 989c36132f671503a3abced0e089a8ec683c9949 (diff) | |
Split staging and prod docker push certs
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
-rw-r--r-- | roles/fedora-web/candidate-registry/files/passwd-production (renamed from roles/fedora-web/candidate-registry/files/passwd) | 0 | ||||
-rw-r--r-- | roles/fedora-web/candidate-registry/files/passwd-staging | 1 | ||||
-rw-r--r-- | roles/fedora-web/candidate-registry/tasks/main.yml | 12 | ||||
-rw-r--r-- | roles/fedora-web/registry/files/passwd-production (renamed from roles/fedora-web/registry/files/passwd) | 0 | ||||
-rw-r--r-- | roles/fedora-web/registry/files/passwd-staging | 1 | ||||
-rw-r--r-- | roles/fedora-web/registry/tasks/main.yml | 12 | ||||
-rw-r--r-- | roles/httpd/reverseproxy/templates/reversepassproxy.candidate-registry.conf | 2 | ||||
-rw-r--r-- | roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf | 2 |
8 files changed, 26 insertions, 4 deletions
diff --git a/roles/fedora-web/candidate-registry/files/passwd b/roles/fedora-web/candidate-registry/files/passwd-production
index 4979d2dcf..4979d2dcf 100644
--- a/roles/fedora-web/candidate-registry/files/passwd
+++ b/roles/fedora-web/candidate-registry/files/passwd-production
diff --git a/roles/fedora-web/candidate-registry/files/passwd-staging b/roles/fedora-web/candidate-registry/files/passwd-staging
new file mode 100644
index 000000000..90e491f81
--- /dev/null
+++ b/roles/fedora-web/candidate-registry/files/passwd-staging
@@ -0,0 +1 @@
+/C=US/ST=NM/L=Raleigh/O=Red Hat/OU=Fedora Project/CN=docker-registry-internal-stg:xxj31ZMTZzkVA
diff --git a/roles/fedora-web/candidate-registry/tasks/main.yml b/roles/fedora-web/candidate-registry/tasks/main.yml
index 426620009..ced296c7c 100644
--- a/roles/fedora-web/candidate-registry/tasks/main.yml
+++ b/roles/fedora-web/candidate-registry/tasks/main.yml
@@ -7,8 +7,18 @@
 - fedora-web
 - fedora-web/candidate-registry
+- name: Copy over the registry CA
+ copy: src="{{private}}/files/docker-registry/{{env}}/docker-registry-ca.pem"
+ dest="/etc/pki/httpd/registry-ca-{{env}}.cert"
+ owner=root group=root mode=0644
+ notify:
+ - reload proxyhttpd
+ tags:
+ - fedora-web
+ - fedora-web/candidate-registry
+
 - name: Copy over the registry passwd
- copy: src=passwd dest=/etc/httpd/conf.d/candidate-registry.fedoraproject.org/passwd
+ copy: src="passwd-{{env}}" dest=/etc/httpd/conf.d/candidate-registry.fedoraproject.org/passwd
 owner=root group=root mode=0644
 notify:
 - reload proxyhttpd
diff --git a/roles/fedora-web/registry/files/passwd b/roles/fedora-web/registry/files/passwd-production
index acc4e4706..acc4e4706 100644
--- a/roles/fedora-web/registry/files/passwd
+++ b/roles/fedora-web/registry/files/passwd-production
diff --git a/roles/fedora-web/registry/files/passwd-staging b/roles/fedora-web/registry/files/passwd-staging
new file mode 100644
index 000000000..90e491f81
--- /dev/null
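Review bot: The second field of the new passwd-staging entry, `xxj31ZMTZzkVA`, is the fixed value that mod_ssl's `SSLOptions +FakeBasicAuth` expects (the crypt hash of the literal word `password`), not a credential, and the file does not say so. A leading comment such as `# FakeBasicAuth user file: key is the client-cert subject DN, hash is the constant for "password"` would keep it from being read as a leaked secret; mod_authn_file skips lines that begin with `#`. Access therefore rests entirely on the DN match and on which CA is trusted for client certificates. The identical file added under roles/fedora-web/registry/files/passwd-staging has the same gap.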
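Review bot: Both new paths in the candidate-registry tasks hunk, `src="passwd-{{env}}"` and `registry-ca-{{env}}.cert`, assume `env` is exactly `production` or `staging`, the only two values this commit ships a passwd file for, and nothing in the task records that. A comment above the CA task along the lines of `# env selects the per-environment CA and passwd; only production and staging exist` would make the failure obvious when a host carries another value. The CA file is what the reverseproxy templates now name in SSLCACertificateFile, so it presumably has to be installed before httpd is reloaded with the new template; that ordering is not visible here. The passwd task continues below the hunk.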
+++ b/roles/fedora-web/registry/files/passwd-staging
@@ -0,0 +1 @@
+/C=US/ST=NM/L=Raleigh/O=Red Hat/OU=Fedora Project/CN=docker-registry-internal-stg:xxj31ZMTZzkVA
diff --git a/roles/fedora-web/registry/tasks/main.yml b/roles/fedora-web/registry/tasks/main.yml
index 3b92726dd..52437eca2 100644
--- a/roles/fedora-web/registry/tasks/main.yml
+++ b/roles/fedora-web/registry/tasks/main.yml
@@ -13,8 +13,18 @@
 - fedora-web
 - fedora-web/registry
+- name: Copy over the registry CA
+ copy: src="{{private}}/files/docker-registry/{{env}}/docker-registry-ca.pem"
+ dest="/etc/pki/httpd/registry-ca-{{env}}.cert"
+ owner=root group=root mode=0644
+ notify:
+ - reload proxyhttpd
+ tags:
+ - fedora-web
+ - fedora-web/candidate-registry
+
 - name: Copy over the registry passwd
- copy: src=passwd dest=/etc/httpd/conf.d/registry.fedoraproject.org/passwd
+ copy: src="passwd-{{env}}" dest=/etc/httpd/conf.d/registry.fedoraproject.org/passwd
 owner=root group=root mode=0644
 notify:
 - reload proxyhttpd
diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.candidate-registry.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.candidate-registry.conf
index d2c0cd650..fce95b1b3 100644
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.candidate-registry.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.candidate-registry.conf
@@ -8,7 +8,7 @@ ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}} SSLVerifyClient optional SSLVerifyDepth 1 -SSLCACertificateFile /etc/pki/httpd/fedora-server-ca.cert +SSLCACertificateFile /etc/pki/httpd/registry-ca-{{env}}.cert SSLOptions +FakeBasicAuth
diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf
index e3e9f5a43..4bdd1b2de 100644
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf
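Review bot: The new CA task in roles/fedora-web/registry/tasks/main.yml is tagged `fedora-web/candidate-registry`, while the context lines at the top of the same hunk show this file's tasks using `fedora-web/registry`; it looks copied from the candidate-registry role without adjusting the tag. A run limited to `--tags fedora-web/registry` would update the passwd file but skip the CA that the registry template's SSLCACertificateFile now names. The last tag line of the added task should read `- fedora-web/registry`.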
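Review bot: `SSLVerifyClient optional` on the context line above the change stays as it was, so narrowing SSLCACertificateFile to the per-environment registry CA only limits which certificates can become a FakeBasicAuth user; a client that presents no certificate still completes the handshake. Whatever `Require` rule denies unauthenticated pushes is outside this hunk and deserves a one-line comment next to the directive, e.g. `# client cert is optional at TLS level; push is gated by the passwd DN list`. No revocation directive is visible beside the CA line, so it is worth confirming how a compromised push certificate would be withdrawn. The same applies to the hunk in reversepassproxy.registry.conf.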
@@ -23,7 +23,7 @@ RewriteRule ^/(.*)$ http://localhost:6081/$1 [P,L] SSLVerifyClient optional SSLVerifyDepth 1 -SSLCACertificateFile /etc/pki/httpd/fedora-server-ca.cert +SSLCACertificateFile /etc/pki/httpd/registry-ca-{{env}}.cert SSLOptions +FakeBasicAuth <Directory /srv/web/registry-signatures> |